In Firefox, I see the following warnings in the console when viewing metasmoke:
Some cookies are misusing the recommended “sameSite“ attribute:
Cookie “user.expires_at” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Cookies
Cookie “_metasmoke_session” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Cookies
This implies that at least Firefox will start rejecting MS' session cookies at some point in the future. For Chrome, rejecting such cookies is behind a flag as of Chrome 76. In a quick look, I didn't see when rejecting such cookies will become standard for either browser.
I believe that this is reliant on an upgrade to rails 6, which is blocked by SensibleRoutes. I think it should just work if we upgrade but somebody (maybe me) needs to test it.
In Firefox, I see the following warnings in the console when viewing metasmoke:
This implies that at least Firefox will start rejecting MS' session cookies at some point in the future. For Chrome, rejecting such cookies is behind a flag as of Chrome 76. In a quick look, I didn't see when rejecting such cookies will become standard for either browser.